Information Security - Fire Prevention rather than Fire Fighting

In today’s world, it comes as no surprise that many businesses will see their data as one of their most prized assets. You are not alone. Cyber criminals feel exactly the same way and unfortunately, they’re absolutely flourishing in this $6 trillion global market, sadly fuelled by a “why would someone attack us?” mindset.

In March 2021, the government reported that nearly 40% of UK businesses and more than a quarter of UK charities reported a cyber security breach or attack in the previous year – with around 83% of threats stemming from a phishing attack. Alarming stats given how reluctant we can be to report such incidents.

Recently, US security giant, SonicWall, claim to have recorded over 700 million attempted ransomware attacks in 2021 with the UK alone experiencing a 233% rise on previous figures.

Having a good Anti-virus (AV) software will go a long way to protecting your business from known threats, but is it enough?

AV solutions have done a great job of keeping small and medium-sized businesses safe for many years, however, the ways we work are changing and as a consequence, so are the threat patterns. AV software can only prevent an attack from a known risk. A virus or malware has to be identified and the signature for that threat recorded and known to your software before it can protect against it. Even if your AV solution is set to update its signature file daily, with over 400,000 new viruses detected each day it still cannot protect you from threats it isn’t aware of. They will always be one step behind the criminals with the inevitable delay between the time a virus is discovered to when you become protected.

 

As attacks rapidly evolve in their sophistication, it becomes increasingly difficult for a reactive software to protect your valuable data. As long as cyber criminals continue to invest more time and money into developing the threats than most of us are prepared to spend to protect against them – we’ll always have our backs up against the wall. Malware is slipping through the cracks in AV as criminals are now coding it into fileless attacks and weaponised documents. Even more concerning is the ability for malware to detect a sandboxed environment and remain benign as it is being scanned by your Anti-virus, only to attack when it detects a live environment, or to automatically adjust its signature once it has been detected.

 

It’s not all doom and gloom, there are many approaches a business can take to remain secure. One of our favourite solutions takes you off the backfoot by proactively protecting your environment with integrated endpoint detection and response. Step forward N-central’s Endpoint Detection and Response (EDR), powered by SentinelOne.

 

So, what exactly is EDR? Well, Unlike traditional Anti-virus, EDR offers continuous, always on monitoring. It sits on an endpoint and collects and stores data using behavioural Artificial Intelligence (AI) to detect threats. If a threat is found on a device, the EDR agent can automatically quarantine the threat to contain it AND reverse the effects of the attack by rolling back to a known healthy version (currently only on Windows devices).

 

EDR does everything that a modern AV solution does but takes it a giant leap further by proactively utilising monitoring software and endpoint agents whilst integrating machine learning and AI to identify suspicious behaviours and to address them quickly, even without any signatures.

 

For example, EDR can identify when a large number of files is moved or accessed by someone who doesn’t normally access them. It essentially learns how you usually operate and detects when abnormal behaviour occurs on your network, taking action accordingly. Protection measures include near real-time file analysis and alerts, detailed forensics, offline protection, the ability to disconnect from the network to help prevent further spread, and best of all – the ability to rollback an infected file, leaving your system virus-free with all of your data intact.

 

At ITbuilder we can’t help but to strongly recommend this product to our customers as a truly futureproof security solution. Of course, there are other products and protective approaches that could be just as effective so you should always consider your own needs and capabilities before deploying any security solution. If you’d like to know more about how you can protect yourselves and your customers, give us a call and we’d be happy to have a no obligation conversation.

 

Back to Blog